/*
package com.qitmiaojie.config;

import com.fasterxml.jackson.databind.ObjectMapper;
import com.qitmiaojie.controller.utils.Result;
import com.qitmiaojie.security.*;
import com.qitmiaojie.security.filter.LoginCodeFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.logout.SecurityContextLogoutHandler;

@Configuration
@EnableGlobalMethodSecurity(prePostEnabled = true)//开启方法注解权限
public class SecurityConfig extends WebSecurityConfigurerAdapter {
    private static final String[] WHILTE_LIST = {"/user","/login","/captcha","/test/pass","/GeographyJson","/swagger-ui.html","/doc.html","/swagger-resources/**"};//白名单接口
    @Autowired
    private UserDetailsService userDetailsService;//管理员信息
    @Autowired
    private LoginFailureHandler loginFailureHandler;
    @Autowired
    private LoginSuccessHandler loginSuccessHandler;
    @Autowired
    private CaptchaFilter captchaFilter;
    */
/*@Autowired
    private JWTAuthenticationFilter jwtAuthenticationFilter;*//*

    @Autowired
    private JWTAccessDeniedHandler jwtAccessDeniedHandler;
    @Autowired
    private JWTAuthenticationEntryPoint jwtAuthenticationEntryPoint;
    @Autowired
    private JWTLogoutHandler jwtLogoutHandler;
    @Bean//注入自己的过滤器
    public JWTAuthenticationFilter jwtAuthenticationFilter() throws Exception{
        JWTAuthenticationFilter jwtAuthenticationFilter=new JWTAuthenticationFilter(authenticationManager());
        return jwtAuthenticationFilter;
    }
    @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder());
    }
    @Bean//注册一个BCrypt加密
    PasswordEncoder passwordEncoder(){
        return new BCryptPasswordEncoder();
    }
    @Override
    protected void configure(HttpSecurity http) throws Exception {
        http.authorizeRequests().antMatchers("/swagger-ui.html").permitAll();
        http.cors().and().csrf().disable()
                .formLogin()
                //.loginProcessingUrl("/login")
                .failureHandler(loginFailureHandler)
                .successHandler(loginSuccessHandler)
                .and()
                .logout()
                .logoutSuccessHandler(jwtLogoutHandler)

                .and()//禁用session
                .sessionManagement()
                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)

                .and()//设置权限问题
                .authorizeRequests()
                .antMatchers(WHILTE_LIST).permitAll()
                .anyRequest().authenticated()

                .and()
                .exceptionHandling()
                .authenticationEntryPoint(jwtAuthenticationEntryPoint)
                .accessDeniedHandler(jwtAccessDeniedHandler)

                .and()//设置验证码先进行校验
                .addFilter(jwtAuthenticationFilter())
                .addFilterBefore(captchaFilter, UsernamePasswordAuthenticationFilter.class);



                */
/*.loginProcessingUrl("/admin/login1")
                .defaultSuccessUrl("/admin/loginsucceed").permitAll()
                .and().authorizeRequests()
                .antMatchers("/admin/login","/","/login.html","/admin/login1").permitAll()
                //.antMatchers("/admin/loginsucceed").hasAuthority("admin")
                .anyRequest().authenticated()*//*


    }
    */
/*@Bean
    @Override
    public UserDetailsService userDetailsServiceBean() throws Exception {
        return super.userDetailsServiceBean();
    }

    @Bean
    public LoginCodeFilter loginCodeFilter() throws Exception {

        LoginCodeFilter loginCodeFilter = new LoginCodeFilter();
        loginCodeFilter.setFilterProcessesUrl("/login");
        //3.指定认证管理器
        loginCodeFilter.setAuthenticationManager(authenticationManagerBean());
        //4.指定成功时处理
        loginCodeFilter.setAuthenticationSuccessHandler((req, resp, authentication) -> {
            Result result = new Result();
            result.setMsg("登陆成功");
            result.setStateCode(200);
            resp.setContentType("application/json;charset=UTF-8");
            String s = new ObjectMapper().writeValueAsString(result);
            resp.getWriter().println(s);
        });
        //5.认证失败处理
        loginCodeFilter.setAuthenticationFailureHandler((req, resp, ex) -> {
            Result result = new Result();
            result.setMsg("登录失败: " + ex.getMessage());
            result.setStateCode(HttpStatus.INTERNAL_SERVER_ERROR.value());
            resp.setContentType("application/json;charset=UTF-8");
            String s = new ObjectMapper().writeValueAsString(result);
            resp.getWriter().println(s);
        });
        return loginCodeFilter;

    }
    @Bean
    public UserDetailsService userDetailsService() {
        InMemoryUserDetailsManager inMemoryUserDetailsManager = new InMemoryUserDetailsManager();
        inMemoryUserDetailsManager.createUser(User.withUsername("root").password("{noop}123").roles("amdin").build());
        return inMemoryUserDetailsManager;
    }*//*


   */
/* @Override
    protected void configure(AuthenticationManagerBuilder auth) throws Exception {
        auth.userDetailsService(userDetailsService());
    }*//*




    */
/*@Override
    protected void configure(HttpSecurity http) throws Exception {
       http.authorizeRequests().mvcMatchers(WHILTE_LIST).permitAll()
               .anyRequest().authenticated()
               .and()
               .formLogin()
               .and()
               .exceptionHandling()
               .authenticationEntryPoint((request, response, authException) -> {
                   response.setContentType(MediaType.APPLICATION_JSON_UTF8_VALUE);
                   Result result = new Result();
                   result.setMsg("请认证之后再操作！");
                   result.setStateCode(HttpStatus.UNAUTHORIZED.value());
                   String json = new ObjectMapper().writeValueAsString(result);
                   response.getWriter().write(json);
               }).and()
               .logout()
               .logoutSuccessHandler(((request, response, authentication) -> {
                   if(authentication!=null){//登出处理器
                       new SecurityContextLogoutHandler().logout(request, response, authentication);
                   }
                   response.setHeader("Token","");
                   response.setContentType("application/json;charset=UTF-8");
                   Result result=new Result();
                   result.setObject(null);
                   result.setStateCode(200);
                   result.setMsg("退出成功");
                   String json = new ObjectMapper().writeValueAsString(result);
                   response.getWriter().write(json);
               }));


       http.addFilterAt(loginCodeFilter(), UsernamePasswordAuthenticationFilter.class);


    }*//*

}
*/
